I need to create a user who can have access to only one folder.
For example, I created a user "test". He should have access only to the folder
/testfolder.
The problem is that the user will mostly use FileZilla to ftp his files in the testfolder.
In FileZilla, I want him to be unable to read any folder other than his own, that is /testfolder. He should not be able to access any other folders under /.
A lot depends on your FTP server. I think proftpd will let you restrict a user to one particular directory. You might even be able to arrange a chroot jail.
The thing is, a user needs to ftp his files into a particular folder. I just don't want him to mess with other files.
Creating a chroot jail (I'm a bit new to SUSE Linux) might be a problem for me. On that same server I have Oracle / WebLogic and all.
That's why I want to do it a simple way.
Like for example the group "testuser" should SEE ONLY its folder.
It seems he cannot delete files not owned by him. That's fine. But he can still create new files in directories owned by root, for instance.
I repeat: A lot depends on your FTP server. (What is it?) I think proftpd will let you restrict a user to one particular directory, and might even be able to arrange a chroot jail.
That would be highly secure -- as far as his login would be concerned, directories above the one he's chrooted into simply wouldn't exist. If you want to restrict him to one and only one directory and not even know others exist, chroot is what you want.
But, doing that depends on your FTP server.
Being able to create files in directories owned by root is normal if the directory is world-writable or he belongs to a group which is allowed to write to it. WARNING -- if he is able to create files in a directory, he may be able to delete files owned by anyone there as well! This is because file deletion is controlled by directory write permissions, not file ownership. (There are some obscure options in some filesystems to change this behavior.) An example in my home directory:
$ sudo touch something
Password:
$ ls -l something
-rw-r--r-- 1 root root 0 Aug 9 10:34 something
$ rm something
rm: remove write-protected regular empty file `something'? y
$
Make sure he doesn't belong to any groups he doesn't need to belong to.
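The deletion rule described in the post above, as an added example that is not part of the original thread: a simplified Python model of the classic Unix unlink check, including the directory sticky bit (as set on /tmp), which is the usual way this behavior is changed. It ignores ACLs and immutable attributes; the function names and the sample uid/gid values are assumptions made for illustration.

```python
import os
import stat
from types import SimpleNamespace

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx bits (0-7) of the one class that applies: owner, group or other."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def may_unlink(dir_st, file_st, uid, gids):
    """Simplified unlink check: only the directory's bits decide, not the file's."""
    if uid == 0:
        return True  # root bypasses the permission bits
    bits = class_bits(dir_st.st_mode, dir_st.st_uid, dir_st.st_gid, uid, gids)
    if bits & 0o3 != 0o3:  # need write AND search (w+x) on the directory
        return False
    if dir_st.st_mode & stat.S_ISVTX:  # sticky bit: must own the file or the directory
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True  # the file's own owner and mode are never consulted

def deletable_foreign_files(directory, uid, gids):
    """Audit helper: entries owned by someone else that `uid` could still remove."""
    dir_st = os.stat(directory)
    found = []
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)
        if st.st_uid != uid and may_unlink(dir_st, st, uid, gids):
            found.append(entry.name)
    return sorted(found)

def demo():
    """Constructed stat values: a root-owned file in a user's home, then in /tmp."""
    root_file = SimpleNamespace(st_mode=0o100644, st_uid=0, st_gid=0)
    home = SimpleNamespace(st_mode=0o040755, st_uid=1000, st_gid=100)
    tmp = SimpleNamespace(st_mode=0o041777, st_uid=0, st_gid=0)
    return (may_unlink(home, root_file, 1000, {100}),
            may_unlink(tmp, root_file, 1000, {100}))

if __name__ == "__main__":
    print(demo())
```

Running `deletable_foreign_files` against each directory the restricted account can write to shows which files belonging to other users it could remove.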
It probably means what it says: incorrect password. On the other hand, this dangerous (imho) tutorial has you editing /etc/passwd by hand, so it's also possible you made a mistake in editing it, or their hand-done changes are incorrect or incompatible with your login system. It's better to use usermod to change a user's setup...
One thing I don't see it doing is adding the login wrapper to /etc/shells; if /etc/shells exists on your system, it's probably necessary to add it.
Be sure to complete all steps of the tutorial, including the changes to sudoers.
You have substituted the username you wanted for "luser", yes? Or if you created a new "luser", did you give it a password? If you created a new luser, how did you do so?
These instructions are faulty or obsolete, I think. They are five years old, and very rough, and prone to break over minor changes in the login system.
The link someone replied to it with looks more promising. sftp-only chroot jail. It also says openssh v5 and newer supports chroot natively, something I didn't know.
Well, I used a script (attached) which I found on the internet and which seems to work perfectly. It creates the user and it locks him to his home directory.
Remember, the user needs to be able to log in. He will be logging in, though, through an application (FileZilla) to sftp.
But I tried to create the jail manually because I need to understand what is really happening. The jail gets created, but when it comes to su - user,
it gets the error
/bin/su : incorrect password
I don't know if I'm missing a library. I'm tired of it now.
I still suspect the passwd files inside your chroot.
How about not using random tutorials and suspicious scripts dredged from the internet and trying openssh's built-in chroot feature instead? That will probably work a lot better.